Security Engineer - 1791898

Well known global CPG firm seeks a Security Engineer.

This role is primarily remote, though must be commutable to NYC (Midtown) in case of security events, and as needed.

This is a permanent, direct hire, W2 opportunity. Compensation includes base salary, bonus, 401k, PTO, comprehensive benefits (medical/dental/vision), tuition reimbursement, and much more!

Responsibilities:

The Senior Security Engineer is responsible for leading and executing the design, implementation, and management of comprehensive security initiatives. They will identify potential vulnerabilities and mitigate risks while constantly staying ahead of emerging security threats. You will collaborate with cross-functional teams to design and implement robust security measures and ensure the confidentiality, integrity, and availability of systems and data. You should be able to operate independently with minimum supervision and provide thought and functional leadership to this role.  This includes:

Security Infrastructure Management:

• Design, implement, and manage security infrastructure, including firewalls, intrusion detection/prevention systems, antivirus solutions, and encryption technologies.
• Oversee the configuration and optimization of security tools to ensure optimal performance and minimal impact on operational efficiency.

1.    Vulnerability Assessment and Penetration Testing:

• Conduct regular vulnerability assessments and penetration tests to identify and address potential security weaknesses in our systems and applications.
• Develop and track remediation plans for identified vulnerabilities, working closely with relevant teams.

2.    Incident Response and Security Monitoring:

• Lead incident response efforts to promptly detect, investigate, and mitigate security incidents and breaches.
• Monitor security alerts and logs, responding to potential threats promptly and effectively.

Security Policies and Compliance:

• Develop, update, and enforce security policies, procedures, and standards aligned with industry best practices and compliance requirements.
• Collaborate with internal teams to ensure adherence to security policies and standards.

3.    Research and Industry Knowledge:

• Stay up-to-date with the latest security trends, technologies, and threats to proactively enhance our security posture.
• Share knowledge and insights with the team and contribute to the continuous improvement of security practices.



Security Audits and Assessments:

• Coordinate and participate in internal and external security audits and assessments.
• Collaborate with auditors to address findings and implement necessary improvements.

Qualifications:

• 5+ years of experience as a Security Engineer or in a similar security-focused role.
• In-depth knowledge of security frameworks, protocols, and standards (e.g., ISO 27001, NIST, CIS).
• Strong experience with security tools and technologies, such as SIEM, IDS/IPS, DLP, WAF, etc.
• Extensive experience configuring and managing log management and SIEM solutions
• Experience with CrowdStrike and PaloAlto or similar technologies
• Proficiency in conducting vulnerability assessments and penetration tests using various tools.
• Familiarity with scripting and programming languages (e.g., Python, PowerShell) for automation and security tool customization.
• BS CS, Information Security, or a related field. MS is a plus.

Pluses

• Certifications in any of the following areas: Offensive Security Certified Professional/Expert (OSCP/OSCE), CISSP, LPT, ITIL, Cobit
• Experience with Wireshark and Snort platforms, including regex knowledge
• Advanced knowledge of Nessus, Metasploit, and Kali Linux, Rapid 7
• Experience reviewing source code for security flaws and conducting web application security assessments
• Experience with LDAP Authentication and Identity Access Management

Anticipated compensation in the 150-190k +/- range.